Amazon AWS Fix cloud-init in Ubuntu 12.10

Posted on Monday, April 15, 2013

This guide goes over fixing one bug in the cloud-init
feature in Ubuntu 12.10. The issue is
this, when creating a user and giving them a password their password becomes
"locked"

In the cloud-init version 0.7 installed with Ubuntu 12.10 AMIs
there is a bug if you are trying to set the password for a user it becomes
locked.

The bug and its fix are covered here https://bugs.launchpad.net/cloud-init/+bug/1096423
[1] So it has been fixed but
the fix is not on the Ubuntu 12.10 AMI images yet (And I do not think it ever
will be). So here is my process for
putting this fix into a 12.10 AMI and making your own AMI to use.

What is a locked password?

Well if you are like me you may have never locked or
unlocked a password before.

To lock the password of a user named patman you would run this
command.

> sudo passwd patman -l

What this really does is to put an "!" in front of
your password in the /etc/shadow file

Running the following command

> sudo cat /etc/shadow | grep patman

Here you see the exclamation point. Which indicates that this users password is
locked and cannot be used.

To unlock a password run the
following command

> sudo passwd patman -u

The problem

The cloud-init tool that comes with ubuntu 12.10 will always
set the users password to a locked state.

To show the problem you first need an encrypted password

> mkpasswd
-m sha-512

For testing purposes I entered
in a password of "password"
which gives me back the encrypted password of

But, it does not work on ec2 instances within a VPC for some
unknown reason (Well at least unknown to me J ) In a VPC they user's passwords remained
locked, as if the runcmd never actually ran.

The Fix

I created a new instance without using a cloud-init
file. Then I updated the cloud-init code
and saved this machine as a new AMI.
Then I created a new instance from this AMI. (this AMI
will be made the west-2 region)